How to File an Online Scam Complaint with the PNP Anti-Cybercrime Group or NBI Cybercrime Division

(Philippine legal context)

I. Overview: What you are filing and why it matters

Online scams in the Philippines are commonly pursued through criminal complaints under special penal laws and the Revised Penal Code, supported by digital evidence. A “complaint” is the sworn narration of facts (the complaint-affidavit) plus attachments (screenshots, transaction records, chat logs, etc.) submitted to a law enforcement cybercrime office for case build-up, investigation, and possible filing before the prosecutor.

Two primary government channels for victims are:

  1. PNP Anti-Cybercrime Group (PNP-ACG) – the Philippine National Police unit specializing in cybercrime complaints and investigations.
  2. NBI Cybercrime Division (NBI-CCD) – the National Bureau of Investigation’s unit that investigates cybercrime and prepares cases for prosecution.

In practice, either can handle many scam cases. Choice often depends on location, workload, urgency, complexity, and whether you already have an identified suspect.

II. What counts as an “online scam” legally

“Online scam” is not a single offense name; it is a label for conduct that may fall under several crimes depending on what happened. The most common legal classifications include:

A. Estafa (Swindling) – Revised Penal Code

Typically used where the offender defrauds you through false pretenses and causes damage (loss of money/property). This is the classic criminal path for many scams involving fake sales, bogus investments, or fraudulent services.

B. Cybercrime offenses – Republic Act No. 10175 (Cybercrime Prevention Act of 2012)

Cybercrime law often applies when a traditional offense is committed through a computer system or online platform, or when the act itself is a cyber offense. Key possibilities in scam contexts:

  • Computer-related fraud (depending on the mechanics, e.g., manipulation of online processes)
  • Online identity-related misuse (fake profiles, impersonation)
  • Cyber-related evidence and procedures are frequently invoked even when the base offense is Estafa.

C. Identity theft / impersonation / fraudulent use of personal data

These can overlap with cybercrime provisions and data privacy rules (depending on facts), especially when the scam uses your identity or personal information.

D. Other related offenses

Depending on facts: falsification, use of fictitious name, illegal access, or other special laws.

Key point: You do not need to perfectly label the crime in your complaint. Your job is to state the facts clearly and attach proof. Investigators and prosecutors determine the proper charges.

III. Before you file: Immediate preservation and safety steps

A. Secure your accounts and devices

  • Change passwords (email, banking, e-wallets, social media) and enable two-factor authentication.
  • Revoke suspicious device sessions and logins.
  • If malware is suspected, run reputable scans and consider professional cleaning.

B. Preserve evidence (do not “clean up” your messages)

Do not delete chats, emails, SMS, or app messages. Do not uninstall the app until you preserve data.

C. Notify banks/e-wallets immediately

If the scam involves transfers:

  • Report to your bank/e-wallet support to request account tracing, temporary holds, or internal fraud procedures.
  • This can be time-sensitive; act as soon as possible.

D. Document a timeline while memory is fresh

Write down:

  • When first contact happened
  • What was promised
  • What you did (payments, links clicked, OTPs shared)
  • What the scammer did next
  • When you realized it was a scam

IV. Evidence checklist: What investigators will ask for

Bring original files where possible, and printouts/soft copies. The stronger the evidence, the faster case build-up.

A. Identity and basic documents

  • Government-issued ID
  • Any proof of address (often helpful)
  • Authorization letter and IDs if filing for a company or on behalf of another person (plus SPA if needed)

B. Communications

  • Screenshots of chats (Messenger/Telegram/Viber/WhatsApp/SMS), including:

    • The profile page showing username/handle, URL, phone number, or ID
    • Conversation showing offer, demand, instructions, threats, admissions
    • Time stamps

  • Emails with full headers if possible (especially for phishing)

C. Transaction proof

  • Bank transfer receipts, deposit slips, online transfer screenshots
  • E-wallet transaction history
  • Remittance receipts
  • Crypto transaction hashes, exchange statements, wallet addresses
  • Marketplace/order details (Shopee/Lazada/FB Marketplace) and shipping info

D. Platform identifiers

  • URLs to profiles/pages
  • Links to posts, listings, and ads
  • Website domain, payment page link, and screenshots
  • Phone numbers, email addresses used
  • QR codes used

E. Device and account information (if relevant)

  • Screenshots of suspicious login alerts
  • App/phone logs (call logs, SMS threads)
  • IP logs if you have them (rare for individuals but sometimes available in account security pages)

F. Witnesses

If another person saw the transaction or communications, list them with contact details and a short statement.

Practical tip: Organize attachments as Annexes (Annex “A”, “B”, “C”…). Investigators and prosecutors appreciate this structure.

V. Where to file: PNP-ACG vs NBI Cybercrime Division

A. PNP Anti-Cybercrime Group (PNP-ACG)

Common reasons to choose PNP-ACG

  • You want to start with the police route and coordinate with local police units if needed.
  • You need guidance on cyber evidence handling and documentation.
  • You are nearer to a regional/city cyber office.

Typical outputs

  • Blotter/initial report intake
  • Case build-up and referral for prosecutor filing (or coordination with prosecutor’s office)

B. NBI Cybercrime Division (NBI-CCD)

Common reasons to choose NBI

  • Cases with multiple victims, organized groups, larger amounts, or cross-regional elements.
  • You want an agency that often handles broader investigative leads (depending on case).
  • You already have substantial evidence, multiple respondents, or technical angles (phishing sites, complex fraud).

Typical outputs

  • Complaint intake and evaluation
  • Case build-up, technical investigation, and preparation for filing

C. Practical guidance on selecting

  • If you need the fastest local face-to-face intake: whichever office is closest and available is usually best.
  • If the scam is widespread, syndicate-like, or technically complex: consider NBI, though PNP-ACG can also handle.
  • Filing with one does not automatically bar filing with the other, but avoid duplicative parallel actions that create confusion; coordinate and disclose if you already filed elsewhere.

VI. Online filing vs in-person filing: What “online” usually means

“Online filing” typically refers to:

  • Submitting an initial complaint intake form, narrative, and attachments through an agency’s online portal/email system (when available), and/or
  • Scheduling/queuing for personal appearance for oath-taking and document verification.

Many cybercrime complaints still require:

  • Personal appearance for identity verification,
  • Sworn statements (complaint-affidavit), and
  • Presentation of original evidence, especially for prosecution readiness.

Because procedures can vary by office and change over time, prepare for a hybrid process: online intake + later in-person affidavit/oath.

VII. Step-by-step: Filing an online scam complaint (best-practice workflow)

Step 1: Build your “Complaint Packet”

Prepare a single folder (digital and printed) containing:

  1. Case Summary (1–2 pages)

    • Your details (name, contact, address)
    • Respondent details (scammer’s name/aliases, usernames, numbers, emails)
    • Amount lost and how paid
    • One-paragraph summary of the scam
    • Timeline bullets
    • List of annexes

  2. Complaint-Affidavit (sworn narrative)

    • See Part VIII for a guide.

  3. Annexes (evidence)

    • Chat screenshots (with identifiers)
    • Payment proofs
    • Profile URLs and screenshots
    • Any admissions or threats
    • Any bank/e-wallet communications
    • Other supporting documents

  4. Device storage backup (optional but helpful)

    • USB drive containing originals (screenshots, PDFs, exported chats)

Step 2: Make your narration legally useful

Your statement should show the essential elements:

  • Misrepresentation (what they claimed)
  • Reliance (why you believed it)
  • Payment/transfer (what you gave)
  • Damage (what you lost)
  • Connection to online means (platform, accounts, links)

Step 3: Submit via the agency’s online intake channel (if available)

Attach:

  • PDF of your complaint-affidavit (unsigned if they require in-person oath; signed if they allow remote notarization—see below)
  • PDF of annexes (or zipped folder)
  • IDs

Use clear file naming:

  • ComplaintAffidavit_LastName_FirstName.pdf
  • Annexes_A_to_H_LastName.pdf
  • TransactionProofs_LastName.pdf

Step 4: Attend verification/oath-taking when instructed

Most prosecutable complaints require:

  • Sworn affidavit executed before:

    • a prosecutor,
    • authorized officer administering oaths, or
    • a notary public (depending on accepted practice and agency instruction).

Bring originals and your device, because investigators may request to view:

  • live account pages,
  • full chat threads,
  • transaction histories.

Step 5: Cooperate with follow-up investigation

Expect requests for:

  • additional screenshots or better-quality originals,
  • bank/e-wallet formal certifications,
  • extra affidavit for clarifications,
  • witness affidavits.

Step 6: Prosecutor filing (criminal case)

If the agency determines there is sufficient basis, the case proceeds to:

  • Inquest or preliminary investigation (commonly preliminary investigation for scams), where you and respondent submit affidavits and evidence.

VIII. How to draft the Complaint-Affidavit (structure used in practice)

A clean affidavit increases your chances of swift action.

A. Caption and parties

  • “COMPLAINT-AFFIDAVIT”
  • Your full name, age, citizenship, address
  • Name/aliases of respondent(s) and identifiers (usernames, numbers, emails); if unknown, state “John/Jane Doe” plus identifiers.

B. Competence and oath

  • Statement that you are executing the affidavit to file a complaint for the incident.

C. Facts in numbered paragraphs

Use short numbered paragraphs, chronologically:

  1. How you encountered the respondent (platform, date)
  2. What they offered and claimed
  3. What convinced you (screenshots attached as annexes)
  4. Instructions they gave (payment, links, OTP requests)
  5. What you paid/transferred and when (attach proof)
  6. What happened after payment (blocked, ghosted, asked for more)
  7. Discovery that it was a scam (red flags, confirmations)
  8. Resulting loss and impact
  9. Demand for restitution (optional but can show good faith)
  10. Request for investigation and prosecution

D. Annex referencing

Example: “A true copy of our chat conversation is attached as Annex ‘A’.”

E. Prayer

Request that respondent be investigated and charged under applicable laws.

F. Signature block and jurat

Signed under oath before an authorized officer/notary (as required).

IX. Special situations and how to handle them

A. If you only have partial identity of the scammer

File anyway. Provide:

  • usernames, profile links, contact numbers, email addresses,
  • bank/e-wallet receiving account details,
  • delivery addresses (if any),
  • any photos used.

Respondents can be listed as “John/Jane Doe” with identifiers.

B. If the money went to a mule account

This is common. Provide the receiving account details; investigators may trace onward movement and associated accounts.

C. If you paid via crypto

Provide:

  • wallet addresses,
  • transaction hashes,
  • exchange account details,
  • screenshots of transaction history. Crypto cases can be pursued but may be more technically demanding and cross-border.

D. If you clicked a link and gave OTPs/passwords

This may be both a scam and an account takeover incident. Preserve:

  • SMS OTP messages,
  • bank alerts,
  • login alerts,
  • device security logs.

E. If there are threats, harassment, or doxxing

Include:

  • threatening messages, calls, and timestamps,
  • accounts used to threaten you,
  • any posted personal data and URLs. This can support additional charges.

F. If you are overseas or the scammer is abroad

You can still file in the Philippines if:

  • you are Filipino or the damage occurred in the Philippines, or
  • relevant parts of the offense occurred using Philippine systems/accounts. Expect jurisdiction and evidence challenges; provide as much documentation as possible.

X. What to expect after filing

A. Case evaluation and possible outcomes

  1. For case build-up – more evidence required, additional affidavit requested
  2. Referral to prosecutor – for preliminary investigation
  3. Coordination with banks/platforms – formal requests, preservation letters
  4. Possible entrapment/operations – in certain scenarios, especially if scammer is active and identifiable (agency discretion)

B. Time and burden of proof

Criminal cases require evidence to establish probable cause at the prosecutor level and proof beyond reasonable doubt at trial. In online scams, the biggest practical hurdles are:

  • identifying the true person behind accounts,
  • linking money flow to the respondent,
  • authenticating digital evidence.

C. Restitution

A criminal case may include civil liability. However:

  • recovery is not guaranteed,
  • it depends on locating assets/accounts and legal processes.

XI. Evidence handling and admissibility: Practical legal considerations

Digital evidence must be presented in a way that supports authenticity and integrity. Helpful practices include:

  • keeping original files and metadata where possible,
  • maintaining a consistent timeline,
  • avoiding edits/cropping that remove context (use full-screen captures showing URL/username/date/time),
  • printing and certifying attachments as needed during proceedings,
  • providing device access if requested for verification.

Where available, obtain:

  • bank/e-wallet certifications or statements,
  • platform account security logs,
  • formal transaction records.

XII. Parallel actions: Platform reports and regulatory complaints

While your criminal complaint goes through PNP-ACG or NBI, parallel steps can help:

  • Report the account/page to the platform (social media, marketplace).
  • Notify your bank/e-wallet and request investigative assistance.
  • If personal data misuse is central, consider data privacy-related avenues depending on facts.
  • For consumer-style disputes where the “seller” is identifiable and local, consider additional civil/consumer remedies (though scammers often evade these).

These do not replace criminal filing but can help contain harm and preserve evidence.

XIII. Common mistakes that weaken scam complaints

  1. Deleting chats or only providing partial screenshots without identifiers
  2. No proof of payment or unclear linkage between payment and respondent
  3. Narrative is emotional but not factual (missing dates, amounts, names, platform details)
  4. Failure to list annexes and organize evidence
  5. Not securing account access leading to more losses
  6. Waiting too long (accounts disappear; logs get overwritten; funds move)

XIV. Practical template: One-page Case Summary (example format)

Complainant: [Name, address, contact] Respondent(s): [Name/alias + identifiers: usernames, URLs, phone, email] Platform(s): [Facebook/IG/Telegram/etc.] Nature of Incident: Online scam involving [fake sale/investment/service]. Amount Lost: PHP [amount] Mode of Payment: [Bank/e-wallet/remittance/crypto] to [account name/number] Date Range: [first contact] to [last contact]

Timeline:

  • [Date]: Saw listing / received message (Annex A)
  • [Date]: Respondent promised [X] and instructed payment (Annex B)
  • [Date]: Sent payment (Annex C)
  • [Date]: Respondent blocked / demanded more / disappeared (Annex D)

Annexes: A – Screenshots of listing/profile B – Chat conversation screenshots C – Proof of payment / transaction history D – Blocking evidence / follow-up demands E – Respondent identifiers (URLs, numbers, emails) F – Bank/e-wallet communications (if any)

XV. Filing on behalf of someone else, minors, and corporate victims

A. Filing for another adult

Preferably the victim signs the complaint-affidavit. If someone else files:

  • provide a Special Power of Attorney or authorization as required by the receiving office.

B. Minors

A parent/guardian typically executes the complaint, with supporting documents proving relationship/guardianship.

C. Companies

A company representative files with:

  • proof of authority (board resolution/secretary’s certificate or written authorization),
  • corporate documents as required,
  • records showing company loss.

XVI. Data privacy and defamation cautions for victims posting “exposés”

Publicly naming alleged scammers on social media can:

  • alert them to destroy evidence,
  • expose you to counterclaims if allegations are inaccurate or you post personal data beyond what is necessary.

Prefer sharing evidence directly with investigators, and keep public posts factual and minimal if you must warn others.

XVII. Summary of the most effective approach

  1. Preserve evidence immediately and secure accounts.
  2. Compile a complaint packet: case summary + complaint-affidavit + organized annexes.
  3. Submit through PNP-ACG or NBI-CCD online intake channel (if available) and comply with any in-person oath/verification requirements.
  4. Support the investigation with additional documents and certifications, especially transaction records.
  5. Proceed through prosecutor evaluation for formal criminal charging.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login